
Huntington Bank - 'Huntington Bank Security Update Notification'
18-Feb-2005

Summary
Email title: Huntington Bank Security Update Notification
Scam target: Huntington bank clients
Sender: Huntington Bank <onlinebanking@huntington.com>
Sender spoofed/hidden? Spoofed
Scam goal: Getting victim's credit/debit card information, SSN, personal information
Phish link method: URL link
Link 'masked'? Yes
Visible link: https://onlinebanking.huntington.com/login.asp
Actual link to: http://210.95.56.101/Get%20Home%20Page%20Servlet/onlinebanking.huntington.com/security/index.htm
Phish website IP: 210.95.56.101
 
E-mail
 
This is a fairly typical phishing email. It uses most of the common phishing tricks, but leans towards the simpler, mass-mailed approach rather than the more sophisticated, smaller-scale one.
 
 
Web Site
 
The site that opens closely resembles the login screen of the legitimate Huntington Bank website:
 
 

Here, there are 2 major clues of phishing:

  • The URL in the address bar is not located on huntington.com;
  • There is no indication of an HTTPS-secured session in the browser.
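
Both clues can be checked on the e-mail side before the link is ever opened, by comparing each anchor's visible URL with its href. The following is an added example, not part of the original report; the function names and reason labels are illustrative, and the sample anchor is constructed from the two URLs in the Summary.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def masked_link_findings(html_body):
    """Return (href, reasons) for anchors whose visible URL hides the real target."""
    parser, findings = AnchorCollector(), []
    parser.feed(html_body)
    for href, text in parser.links:
        shown, actual = urlsplit(text), urlsplit(href)
        if not shown.hostname or not actual.hostname:
            continue  # visible text is not a URL, so there is nothing to compare
        checks = {
            "host-mismatch": shown.hostname != actual.hostname,
            "ip-literal-host": is_ip_literal(actual.hostname),
            "https-downgrade": shown.scheme == "https" and actual.scheme != "https",
            "brand-host-in-path": shown.hostname in unquote(actual.path).lower(),
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample: an anchor built from the two URLs in the Summary above.
SAMPLE = ('<a href="http://210.95.56.101/Get%20Home%20Page%20Servlet/'
          'onlinebanking.huntington.com/security/index.htm">'
          'https://onlinebanking.huntington.com/login.asp</a>')
```

Run over the sample, the link from this report trips all four checks; an anchor whose text and href agree, or whose text is not a URL, produces no finding.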

The next page, after the imitated 'login', demands personal financial information:

 
 

All the concerns mentioned before still apply to this page, with the added improbability of the bank asking for such information on the grounds it gives.

After the information is entered, the site will redirect to the legitimate bank homepage:

 
 
WHOIS data (for IP 210.95.56.101):
IP Location: Korea, Republic Of - Krnic
inetnum: 210.93.0.0 - 210.95.255.255
netname: KRNIC-KR
descr: KRNIC
descr: Korea Network Information Center
country: KR
admin-c: HM127-AP
tech-c: HM127-AP
mnt-by: APNIC-HM
mnt-lower: MNT-KRNIC-AP
changed: 19981001
changed: 20010606
changed: 20040322
status: ALLOCATED PORTABLE
source: APNIC
person: Host Master
address: 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
address: Seoul, Korea, 137-857
country: KR
phone: +82-2-2186-4500
fax-no: +82-2-2186-4496
nic-hdl: HM127-AP
mnt-by: MNT-KRNIC-AP
changed: 20020507
source: APNIC